Enhancing Java Runtime Environment for Smart Cards Against Runtime Attacks

Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes

doi:10.1007/978-3-319-24177-7_27

Enhancing Java Runtime Environment for Smart Cards Against Runtime Attacks

Raja Naeem Akram, Konstantinos Markantonakis, Keith Mayes

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

91 Downloads (Pure)

Abstract

Smart cards are mostly deployed in security-critical environments in order to provide a secure and trusted access to the provisioned services. These services are delivered to a cardholder using the Service Provider's (SPs) applications on his or her smart card(s). These applications are at their most vulnerable state when they are executing. There exist a variety of runtime attacks that can circumvent the security checks implemented either by the respective application or the runtime environment to protect the smart card platform, user and/or application. In this paper, we discuss the Java Runtime Environment and a potential threat model based on runtime attacks. Subsequently, we discussed the counter-measures that can be deployed to provide a secure and reliable execution platform, along with an evaluation of their effectiveness, incurred performance-penalty and latency.

Original language	English
Title of host publication	Computer Security -- ESORICS 2015
Subtitle of host publication	20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part II
Editors	Peter Y A Ryan, Edgar Weippl
Place of Publication	Vienna, Austria
Publisher	Springer
Pages	541-560
Number of pages	20
ISBN (Electronic)	978-3-319-24177-7
ISBN (Print)	978-3-319-24176-0
DOIs	https://doi.org/10.1007/978-3-319-24177-7_27
Publication status	E-pub ahead of print - 18 Nov 2015

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	9327

Keywords

Smart Card
Java Card
Fault Attacks
Combined Attacks
Counter-Measures
Java Runtime Environment

Access to Document

10.1007/978-3-319-24177-7_27

Accepted ManuscriptAccepted author manuscript, 338 KB

Cite this

Akram, R. N., Markantonakis, K., & Mayes, K. (2015). Enhancing Java Runtime Environment for Smart Cards Against Runtime Attacks. In P. Y. A. Ryan, & E. Weippl (Eds.), Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part II (pp. 541-560). (Lecture Notes in Computer Science; Vol. 9327). Springer. Advance online publication. https://doi.org/10.1007/978-3-319-24177-7_27

Akram, Raja Naeem ; Markantonakis, Konstantinos ; Mayes, Keith. / Enhancing Java Runtime Environment for Smart Cards Against Runtime Attacks. Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part II. editor / Peter Y A Ryan ; Edgar Weippl. Vienna, Austria : Springer, 2015. pp. 541-560 (Lecture Notes in Computer Science).

@inproceedings{3a7568c3af524aa78a83514e6660f0fd,

title = "Enhancing Java Runtime Environment for Smart Cards Against Runtime Attacks",

abstract = "Smart cards are mostly deployed in security-critical environments in order to provide a secure and trusted access to the provisioned services. These services are delivered to a cardholder using the Service Provider's (SPs) applications on his or her smart card(s). These applications are at their most vulnerable state when they are executing. There exist a variety of runtime attacks that can circumvent the security checks implemented either by the respective application or the runtime environment to protect the smart card platform, user and/or application. In this paper, we discuss the Java Runtime Environment and a potential threat model based on runtime attacks. Subsequently, we discussed the counter-measures that can be deployed to provide a secure and reliable execution platform, along with an evaluation of their effectiveness, incurred performance-penalty and latency.",

keywords = "Smart Card, Java Card, Fault Attacks, Combined Attacks, Counter-Measures, Java Runtime Environment",

author = "Akram, {Raja Naeem} and Konstantinos Markantonakis and Keith Mayes",

year = "2015",

month = nov,

day = "18",

doi = "10.1007/978-3-319-24177-7_27",

language = "English",

isbn = "978-3-319-24176-0",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "541--560",

editor = "Ryan, {Peter Y A } and Edgar Weippl",

booktitle = "Computer Security -- ESORICS 2015",

}

Akram, RN, Markantonakis, K & Mayes, K 2015, Enhancing Java Runtime Environment for Smart Cards Against Runtime Attacks. in PYA Ryan & E Weippl (eds), Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part II. Lecture Notes in Computer Science, vol. 9327, Springer, Vienna, Austria, pp. 541-560. https://doi.org/10.1007/978-3-319-24177-7_27

Enhancing Java Runtime Environment for Smart Cards Against Runtime Attacks. / Akram, Raja Naeem; Markantonakis, Konstantinos ; Mayes, Keith.
Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part II. ed. / Peter Y A Ryan; Edgar Weippl. Vienna, Austria: Springer, 2015. p. 541-560 (Lecture Notes in Computer Science; Vol. 9327).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Enhancing Java Runtime Environment for Smart Cards Against Runtime Attacks

AU - Akram, Raja Naeem

AU - Markantonakis, Konstantinos

AU - Mayes, Keith

PY - 2015/11/18

Y1 - 2015/11/18

N2 - Smart cards are mostly deployed in security-critical environments in order to provide a secure and trusted access to the provisioned services. These services are delivered to a cardholder using the Service Provider's (SPs) applications on his or her smart card(s). These applications are at their most vulnerable state when they are executing. There exist a variety of runtime attacks that can circumvent the security checks implemented either by the respective application or the runtime environment to protect the smart card platform, user and/or application. In this paper, we discuss the Java Runtime Environment and a potential threat model based on runtime attacks. Subsequently, we discussed the counter-measures that can be deployed to provide a secure and reliable execution platform, along with an evaluation of their effectiveness, incurred performance-penalty and latency.

AB - Smart cards are mostly deployed in security-critical environments in order to provide a secure and trusted access to the provisioned services. These services are delivered to a cardholder using the Service Provider's (SPs) applications on his or her smart card(s). These applications are at their most vulnerable state when they are executing. There exist a variety of runtime attacks that can circumvent the security checks implemented either by the respective application or the runtime environment to protect the smart card platform, user and/or application. In this paper, we discuss the Java Runtime Environment and a potential threat model based on runtime attacks. Subsequently, we discussed the counter-measures that can be deployed to provide a secure and reliable execution platform, along with an evaluation of their effectiveness, incurred performance-penalty and latency.

KW - Smart Card

KW - Java Card

KW - Fault Attacks

KW - Combined Attacks

KW - Counter-Measures

KW - Java Runtime Environment

U2 - 10.1007/978-3-319-24177-7_27

DO - 10.1007/978-3-319-24177-7_27

M3 - Conference contribution

SN - 978-3-319-24176-0

T3 - Lecture Notes in Computer Science

SP - 541

EP - 560

BT - Computer Security -- ESORICS 2015

A2 - Ryan, Peter Y A

A2 - Weippl, Edgar

PB - Springer

CY - Vienna, Austria

ER -

Akram RN, Markantonakis K , Mayes K. Enhancing Java Runtime Environment for Smart Cards Against Runtime Attacks. In Ryan PYA, Weippl E, editors, Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part II. Vienna, Austria: Springer. 2015. p. 541-560. (Lecture Notes in Computer Science). Epub 2015 Nov 18. doi: 10.1007/978-3-319-24177-7_27